How to set up https ssl on VDS/VPS for Home Assistant

The article at the link describes “how to configure https ssl for Home Assistant, which is behind NAT (behind a home router) when the provider issues a gray IP address”.

But what if you need to install and configure Home Assistant on a VPS/VDS server? A white IP address is issued there, so services like DuckDNS and setting up port forwarding in routers are not needed.

The scheme is this:

When we enter the address in the address bar of the browser, then on our server Ngnix will accept this request on port 443. It must first be configured using the link above. And in those settings it is indicated that these requests are redirected to

Nginx settings in the hass file:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;

server {
    # Update this line to be your domain

    # These shouldn't need to be changed
    listen [::]:80 default_server ipv6only=off;
    return 301 https://$host$request_uri;

server {
    # Update this line to be your domain

    # Ensure these lines point to your SSL certificate and key
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    # Use these lines instead if you created a self-signed certificate
    # ssl_certificate /etc/nginx/ssl/cert.pem;
    # ssl_certificate_key /etc/nginx/ssl/key.pem;

    # Ensure this line points to your dhparams file
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    # These shouldn't need to be changed
    listen [::]:443 ssl default_server ipv6only=off; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    # ssl on; # Uncomment if you are using nginx < 1.15.0
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    proxy_buffering off;

    location / {
        proxy_set_header Host $host;
        proxy_redirect http:// https://;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

Home Assistant accepts and processes these requests. And in order for Home Assistant to allow such a reverse proxy, the following magic words must be written in Home Assistant in configuration.yaml:

  use_x_forwarded_for: true

Most likely, this will also work successfully if port forwarding is done through OpenVPN or another VPN.

A few months ago I tried to do this on Apache2, but it didn’t work. Toli I did not fully understand the scheme, if (as people write) it is very difficult or not possible to do this through Apache.

1 Like

Are you asking for an apache equivalent to the nginx configuration?

A search returns this